We should consider adding specific deliverables in the new charter related to security and privacy to enable work on the following statement in the charter:
[[
Given the sensitive nature of the data and sensors to which these APIs grant access, the Working Group also aims at crafting APIs that are both secure and privacy-enabling by design, based on the current Web browser security model. This entails reusing existing browser-based security metaphors where they apply and looking into innovative security and privacy mechanisms where they donÃ­t.
]]
To fill this gap we could add two additional deliverables:
(1) "Privacy Mechanism" recommendation track deliverable.
To support privacy by design principles we may need to outline mechanisms across the specifications. This may relate to various "do not track" efforts going on, rulesets, or other approaches, but the charter should allow work in this area.
(2) We also need to call out an explicit deliverable for permissions,
"Feature Permissions" recommendation track deliverable [FeaturePermissions]
What do you think?
regards, Frederick
Frederick Hirsch
Nokia
[Proposed charter] http://www.w3.org/2010/11/DeviceAPICharter.html
[Current charter] http://www.w3.org/2009/05/DeviceAPICharter.html
[FeaturePermissions] http://dev.w3.org/2006/webapi/WebNotifications/publish/FeaturePermissions.html
For tracker this should complete ACTION-335